For the past few months, I have been working on a project for work that has pretty much been taking me away from working other items such as PoshWSUS. This project, which I have named PoshPAIG (yea, it’s the best I could come up with for CodePlex) which stands for PowerShell Patch Audit/Installation GUI. This utility allows you to input a server name via a host file, active directory query or by right clicking and adding the name yourself. You then have options to Audit Patches, Install Patches or Reboot Servers. I also included the capability to create a CSV file reporting the status after the Audit or Install of patches and the option GUI report which presents the report via a Grid-View.

Initial Planning

My initial plan was to make this into one file, which would have easily topped out at over 1000 lines of code. But as I started to work and make changes here and there, I found that this would need to evolve into something much more than I had anticipated. The moment I took the leap to add Help files that included pictures and something better than just a simple popup window with text showing a few basic help items, I realized that I would need to use multiple files, not only for the images but actually for specific parts of the help file I was putting together. Once I started down that path, I saw that it would make writing and debugging my code easier by separating some of the functions I used into their own separate files that I would call at the loading of the jobs.

I wrote the GUI using XAML for WPF and then compiled it via PowerShell. I admit that this was my first go at using WPF and have to say that I did enjoy it quite a bit! I went the easy route since it was my first time by using Stack Panels instead of Grids. I’ve started to use Grids more now on my last two projects, but do not feel like re-coding this project to use Grids at this point in time. At some point I may come back to this and re-do it using grids, but not any time in the near future. I used some of my old code that I put together for my command line auditing/installation of patches with some minor adjustments here and there. Most notably is my Get-PendingUpdates script that allowed me to create the remote COM object to perform the patch audit and save some time using PSExec (ok, not sure about saving time, but it makes it easier to compile the report). By doing the auditing this way, I already have my nice object to add into my current report and also update the grid table that shows how many patches are waiting to be install on each server (By the way, the number of patches for each server is updated in real-time as the utility runs thanks to some great background jobs and a lot of research and pain ).

VBScript as a tool

I did go back in time a little bit and am using the same VBScript code to perform the patch installations. Now why VBScript you ask? Simple. I did not want to go into this with the assumption that PowerShell is installed on each and every server and then have it fail multiple times because there is nothing that can run the script. Using VBScript was an easy and simple decision as I can encase it in a Here-String and then just use Out-File to create it on the remote system which can then be called using the wonderful tool PSexec.exe. After a successful completion, the VBScript outputs a nice CSV file which is then grabbed using Import-CSV which I can then make a few adjustments and add into my report.

Important Notes

This tool is still in an Alpha state, meaning that some features will not work and some bugs that I am working on fixing. The most glaring piece that will not work is the Reboot Host capability. I decided to focus on a few other things and pushed this off until the next version. While I do not like releasing things that are not 100% complete, I felt that the most used features (audit and install) would be available to use to the user with potential bugs that I can pick off as I see them.

I have the project currently out at CodePlex instead of the Technet Script Repository for the time being as this is not in a stabile enough state to have out there yet. But rest assured that after the next couple versions, I will push it out to the repository for another place to download this utility.

PoshPAIG In Action

Ok, I have given a decent amount of background into this utility and now it is time to show it in action. After downloading the zip file from the CodePlex site, you can then unzip it to whichever location you wish. Keep in mind that you must keep all of the files in their same location and not move or delete anything. Doing so could potentially make this utility unusable.

Running PoshPAIG

After you have unzipped the files to the location of your determination, you can then run the utility via the PowerShell console (as an administrator) by navigating to the folder and typing:

. .\Open-WSUSUtility.ps

This must be run using the console and not the ISE due to issues with PSExec and how it is handled in the ISE. A friendly warning is given if you do this on accident. Also, a check is performed to make sure you are running PowerShell in STA mode and if not, it will attempt to re-run the script by opening another instance of PowerShell in STA. Lastly, a check is performed to make sure you are an Administrator. If this check fails, then you should open an instance of PowerShell as an administrator.

Adding servers to server list

Ok, lets start out by adding a server to the server list. There are a few ways to accomplish this and I will start out by showing the way to add just one system into the list. The first way is by Right-clicking on the server list and selecting the “Add Server” context menu. Doing so brings up a dialog to enter a server name to add to the list.

What you have next is the server added to the list and you can now see the current status for the patches on the server. In this case, there are no patches as the server was just added.

Other ways to add servers to the server list are to use the Browse File, which opens a dialog that allows you to locate a file containing a list of servers. Load File allows you to load the file that was designated in the text box to the right of the button. Lastly, we have the Load from AD, which opens a dialog box listing the current domain (if applicable) and allows you to accept the default domain or input another domain and loads all servers that have their accounts residing in that domain. It is important to note that I currently do not have anything configured to allow for alternate credentials for the other domains (but it is something that is on my To-Do list).

Auditing Patches

Auditing patches is a pretty simple process that can be done one of 2 ways depending on what you want to do. The key thing is to make sure that the Radio Button is checked for Audit Patches. You can audit a single server by double clicking on the server, which will begin the auditing of patches on the server. I have plans to add another context menu to right click on the server and select Run or something like that. If you have more than 1 server in the list and you click the Run button, the auditing process will begin for the first 5 servers in the list and will continue to update itself and run until all servers have been processed. During either of these times, the Run button is disabled to prevent any issues from occurring during the process.

Looking at the next image, you can see that the process has finished and the progress bar is at the maximum position. Also, and the more important part in my opinion, is that the server list has updated itself to show that there are now 43 patches waiting to be installed. As each server completes the auditing process, the server list automatically updates itself in real time to show you how many patches are available to install.

Audit Reporting

Now that I have performed the auditing of the server, the next step is to find out what those patches are that are waiting to be installed. How do we do that, you ask? Simple! To view a simple report just to see what is waiting, you can click the Open Report Window to open up a GridView report that can be sorted and filtered as needed.

As you can tell, I have quite a few patches that have not been downloaded, but are available to install. I can filter for KBs, Download status, title and computer. Another option for reporting is to create a CSV report that can be emailed to others. Another thing to note is that the report is created in the same directory as the utility (this will be changed in the future to allow the user to determine where it will be saved to) and also the path is displayed in the status bar.

Installing Patches

Installing the patches works exactly like the Auditing of patches. The only exception is that you must have the radio button checked for Install Patches. By doing this, you are telling the utility to perform a patch installation when clicking the Run button or double clicking on the server.

Looking at the image above, we can see that 1 patch did install successfully out of the 43 that were available to install. We know that only 1 patch was downloaded to the system, so this is ok. Had there been issues with a patch that was being installed, it would be reflected in the InstallErrors column. Much like the auditing, this information is updated in real-time as the installation is completed for each system.

Install Reporting

Again, just like the Audit Reporting, the reporting of patches that are installed is performed the same way. Let’s take a look at the gridview report and see what it shows.

As you can see, the patch shows as being installed successfully. Note that if the patch does not install successfully, the error will show in the report. The same goes for the CSV report that is created. I did have to cheat a little as I forgot to clear the report prior to the installation and had to filter for the patch that was installed.

Extra Items

Some extra things that are available in the utility are the menu items at the top of the utility. The include an Exit, Clear All, Clear Report, Clear Server List, About and Help. These are pretty much self explanatory. The Help is a set of help files (still work in progress) that will help a user to figure out what to do with the utility.

Conclusion

I hope that you find this utility to be useful and I welcome everyone’s opinion either on this site or on CodePlex. This is still in Alpha and I have a list of things to do to include adding the reboot feature, more information for the help files, fix a bug in the reporting for the installation of patches, etc… Thanks again for giving me support in making this utility a success!

Coming up next version…

At the time of this being published, I have already made some significant updates to PoshPAIG to include the following items:

Notes section that displays the status of activity for each server

Ability to select multiple servers to audit/install/remove

Get a report of all installed patches on server/s

View entire WindowsUpdate.log or last 25/50/100 lines

Run wuauclt with detectnow or resetauthorization switches on servers

Reboot selected servers

Better reporting for patch installations

Time taken for completion of actions

Here is a screenshot of it showing the new Notes column as well as some right-click menus.

I still have more testing to do with a few of these features but am hopeful that this will be released within the next few weeks.

I am a nub….and can’t get this thing to fly yet…….
I can launch pw. I have the app on the D: for space purposes.
I am logged in as Administrator
IN PS, I log to d:
Now at the PS d:\
All the PSTools were extracted here. The original pstools extractable exe file is also still here. PoshPAIG is in the D:\ as well. Should these all be under one directory for neatness, called “PoshPAIG” or something? As opposed to all in the root? Finally, as it is, in PS at the D:\, and no matter what I type I get a returned error saying the cmdlett is wrong or doesn’t exist
. I really want to get this script working because it really appears to exactly what we need in our environment……so rest assured Mr. Prox…….the donation is en-route if we see it working! 🙂
– PS Newbie

Navigate down the directory tree until you get to the Start-PoshPAIG.ps1 file and then try running .\Start-PoshPAIG.ps1 and let me know what happens. It sounds like you are trying to run the script while being in a different folder location. As long as psexec.exe is in the same folder as Start-PoshPAIG.ps1, there shouldn’t be any issues when you try to run the tool.

In there, are several files, but PSexec.exe as well as Start-PoshPAIG.ps1 are there.

Running Powershell, logging to D:\
Then moving down the tree to that location as shown above, and doing a .\Start-PoshPAIG.ps1
Produces a few errors for digital signing errors that are resolved easily.
Exiting PS and restarting and going back to:

D:\PoshPAIG_2_1_5\PoshPAIG_2_1_5\PoshPAIG_2_1_5

Oddly, then trying again, produces:

WARNING: This script must be run in Powershell started using the –STA switch!
Script will attempt to open Powershell in STA and run re-run script.

It blinks and drops me back at cursor. Is it actually running? What actually happened?

Regardless, if I exit and then re-run powershell with the –STA switch…….and then navigate down and execute .\Start-PoshPAIG.ps1
It pretty much begins a bloody mess of wild errors scrolling through the scream like a ______________ (feel free to fill in the blank)

Yea, this is definitely an issue with the system that this is running on. Because it cannot load the assemblies for PresentationFramework and PresentationCore which leads me to wonder if you have at least .Net 3.5 installed on your system. Can you verify that this is installed on your system?

Well, seems I was able to verify it WAS NOT (.net 3.5) running on this system. Installed .NET 3.0. And now the code seems to execute ok. Thanks Boe. I’m assuming you can see my email address, from the form we post in? Please email me an address I can send my thanks to, or paypal.

No need for donations.🙂 I am just glad to help.
How are you loading up the hosts? Through a host file or manually adding them by right-clicking on the UI and selecting to Add the hostname? I see that for some reason that it has a null value for the computername column. Also be sure to select the rows that you wish to run the various commands, otherwise it will fail to run.

OK, well it’s surely something on the VM…….I downloaded it to my machine an it did so fine….again. So is there any issue with VM’s that anyone is aware of?
Also, can I just install this on one server and basically use it do update the others? Or does Powershell have to be on all those other servers in the environment? I have many legacy servers.

Interesting, it almost seems like the UI hasn’t loaded completely (or at all). Do you ever see the UI when you attempt to run the tool? Can I get a screenshot of the initial errors when you try to run this?

Initially, it blinks…..like something happens, but its way too fast, and no UI ever comes up. I’d love to give you the inital errors, cause like it seems 2 or more pages go by. Any thoughts on how to catch them all?

If you run PowerShell “as an Administrator” and make sure it is running using the -STA switch (you can even set it in the shortcut for PowerShell), you can then try to run the tool and if it does fail with errors, you can then take the $error variable and export everything to a CSV file. Otherwise it may be difficult to catch those initial errors. Or you can try to run the ISE ‘as an administrator’ and open up the Start-PoshPAIG.ps1 script and run it to see what happens.

Love the script. Right now I am having a issue with installing patches though. About a week ago I used it on a test batch of servers and it worked perfectly. This week since there were no problems I decided to increase my test server list to 50. It successfully audited the servers, but when I went to run the patches it errored out on all servers within a matter of seconds. I am not a domain admin just a admin in my OU. Is there any group policy that would prohibit me from successfully patching? Is there a error log that I can view to try and troubleshoot this problem further?

You know, I think it would be much easier for you to do this with a PowerPack for PowerGUI. You get so much extra for free this way, plus you can mobile-enable the PowerPack and allow users to do this from their mobile device.

Thanks for the comment. That is a great idea to build a PowerPack for PowerGUI. I am already committed to finish up PoshPAIG and add the help files for it, Once that is done, I think I will turn my attention to learning about building a PowerPack and get the ball rolling on this. Probably would have started this up at work if I wasn’t waiting still to get PowerGUI approved to be on the network (long story).

This looks fantastic. I’m looking forward to trying it out. One small request – if there are known problems with the code as it stands, can you please use the Issue Tracker functionality of CodePlex to log them so that users can be more aware of what might go wrong?

Boe…. I love this! I’m on a massive windows update run this afternoon and this has made my job a million times easier. I can only begin to imagine the amount of effort that’s gone into this. Just in case you’re interested, here’s a couple of things I think would make it easier:
1) Ability to browse a tree of AD to select root (Might be fun in WPF)…
2) Some sort of indicator that a server could not be contacted rather than just showing “0” Audited updates. I’d love to see “–offline–” or even “-1” or something…Just a thought.

The extra ideas are simply me nit-picking, the tool itself is mind-blowingly useful!

Thanks Chris! Any feedback is good feedback for me! The idea of having a tree to browse is pretty cool and something I will look into for a future version. As for the second suggestion, I can tell you that it I implemented something like that for the next version release that brings a “Notes” column that will display the status of each system to include it being offline or completed during an operation. Glad you are liking this tool! It has been fun to build and is a nice learning opportunity for me as well.